Thursday, September 9, 2021

Removing Role and Entitlement Assignment using Sailpoint IIQ API

 Removing Role and Entitlement Attribute Assignment using Sailpoint IIQ API

public removeRoleAssignments(String identityName, ProvisioningProject project){
    	
	Identity identity = context.getObjectByName(Identity.class, identityName);
	if (identity != null){
		ProvisioningPlan plan = project.getMasterPlan();
		AccountRequest accountRequest;
		List attributeRequests = new ArrayList();        
		if( plan != null){					  
			List accountRequestList = new ArrayList();			
			accountRequestList = plan.getAccountRequests("IIQ");
			accountRequestList.addAll(plan.getAccountRequests("IdentityIQ"));
			if(accountRequestList != null && !accountRequestList.isEmpty()){			  
				for(AccountRequest account: accountRequestList){									
					ProvisioningPlan roleRemovalplan = new ProvisioningPlan();              
					roleRemovalplan.setIdentity(identity);         
					if(account != null){
						List roleAttributeRequests = new ArrayList();
						attributeRequests = account.getAttributeRequests("assignedRoles");
						if(attributeRequests != null && !attributeRequests.isEmpty() ){
							AccountRequest roleRequest = new AccountRequest(AccountRequest.Operation.Modify, ProvisioningPlan.APP_IIQ, null, identity.getName());							
							for(AttributeRequest attributeRequest : attributeRequests) {														
								roleAttributeRequests.add(new AttributeRequest(ProvisioningPlan.ATT_IIQ_ASSIGNED_ROLES, ProvisioningPlan.Operation.Remove, attributeRequest.getValue()));							
							}
							roleRequest.addAll(roleAttributeRequests);
							roleRemovalplan.add(roleRequest);														
							Provisioner provisioner = new Provisioner(context);
							provisioner.setNoRoleExpansion(true);
							provisioner.execute(roleRemovalplan);			
						}		
					}              
				}               
			}             
		}		  
		context.saveObject(identity);      
		context.commitTransaction();
    }
}

public removeAttributeAssignments(String identityName, ProvisioningProject project){

    Identity identity = context.getObjectByName(Identity.class, identityName);
    boolean updateRequired = false;
	String createOperation="Create";
    if(null !=identity){
      List attrAssignments = identity.getAttributeAssignments();
      if(Util.nullSafeSize(attrAssignments)>0){       
        List attrAssigns = new ArrayList(attrAssignments);   
        if(project != null){
			List expPlans = project.getPlans();
			List accountRequestList = new ArrayList();
			for(ProvisioningPlan expPlan : Util.safeIterable(expPlans)){
            String source;
            source=expPlan.getSource();
            accountRequestList = expPlan.getAccountRequests();
				for(AccountRequest accRequest : Util.safeIterable(accountRequestList)){
				String operation=accRequest.getOp().toString();							  
					if(!Util.nullSafeCaseInsensitiveEq(createOperation,operation)){             
						for(AttributeRequest attrReq : Util.safeIterable(accRequest.getAttributeRequests())){
							if(attrReq!=null && "Remove".equalsIgnoreCase(attrReq.getOp().toString())){
								String requestedgrp = attrReq.getValue(context).toString();
								for (AttributeAssignment attrAssignment : attrAssigns){
								String attAssignmentValue=attrAssignment.getValue();
									if(Util.nullSafeCaseInsensitiveEq(attAssignmentValue,requestedgrp) && (Util.nullSafeCaseInsensitiveEq("LCM",source)||Util.nullSafeCaseInsensitiveEq("Batch",source))){
									attrAssignments.remove(attrAssignment);
									updateRequired = true;
									}
								}
							} 
						}
					}
				}
			}
        }
      }
      if (updateRequired) {
        identity.setAttributeAssignments(attrAssignments);
        context.saveObject(identity);
        context.commitTransaction();
      }
    }
  }

No comments:

Post a Comment